Re: [Rails] Should "sanitize" return an empty string for non-strings?

Ruby on Rails Thursday, September 12, 2013

On Wed, Sep 11, 2013 at 3:36 PM, Paul E. G. Lynch <plynchnlm@gmail.com> wrote:
> If, in your view, you are expecting params[:name] to be a string, but
> actually rails has parsed it into {"."=>"1234"} (or something more
> malicious)

Params are strings by definition; can you provide a test case/code
that demonstrates where this is not the case?

--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
http://about.me/hassanschroeder
twitter: @hassan

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CACmC4yCEuL7ftA_fn1SxsexHk4Wkm%2BOu4ycnVAdvsTx4Jio-cA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Posted by Ruby on Rails at 11:19 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)